Find the riskiest code in any repo.

The 20% of functions causing 80% of your bugs, incidents, and slowdowns — identified automatically.

Works on TypeScript, JavaScript, Rust, Go, Python, and Java.

$ hotspots analyze src/

12.4  billing.ts  processPlanUpgrade  CRIT
9.8   session.ts  validateSession      HIGH
8.1   migrate.ts  applySchema          HIGH

Install View on GitHub

⭐ If it saves you time, please star the repo.

⭐ Star on GitHub 1

Install in 30 seconds

One command. No daemon. No config file required.

Install — macOS

$ brew install Stephen-Collins-tech/tap/hotspots

Install — Linux

$ curl -fsSL https://raw.githubusercontent.com/Stephen-Collins-tech/hotspots/main/install.sh | sh

Run

$ hotspots analyze .

Output

Top risk functions
  12.4  src/billing.ts       processPlanUpgrade  CRIT
   9.8  src/session.ts       validateSession      HIGH
   8.1  src/migrate.ts       applySchema          HIGH

What you get

✓

Find the 5 files causing 80% of your bugs

Hotspots combines cyclomatic complexity with churn history to surface the exact functions that are both hard to understand and frequently changing.

✓

Prioritize refactors with a data-driven risk score

Every function gets a numeric score. No guessing, no gut feeling — just a ranked list you can act on in the next sprint.

✓

Block complexity regressions in CI

Run hotspots in delta mode with --policy and your CI fails if a PR introduces a new critical function or spikes an existing one. No manual review required.

Real output on real repos

Every post on the blog is a full hotspots analysis run against a real open-source repo — same tool, same command, reproducible output.

Reproduce any post locally

$ hotspots analyze <path> --mode snapshot --format json --explain-patterns --force

See analysis posts → · Reproduce locally →